From 27 March to 27 April 2023, eligible stakeholders are invited to review and provide feedback on the PCI Token Service Provider (TSP) Security Requirements v1.0 during a 30-day request for comments (RFC) period.
The RFC will be available through the PCI SSC portal, including instructions on how to access the documents and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.
Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.
Background on PCI TSP Security Requirements
The PCI TSP Security Requirements cover physical and logical security requirements for Token Service Providers that generate and issue EMV Payment Tokens. This RFC provides stakeholders the opportunity to provide feedback to ensure the requirements continue to meet the needs of the industry.
As part of the RFC process, your comment(s), your organization’s name, and how PCI SSC actioned your feedback comments will be made available in the PCI SSC portal. Please review the RFC Process Guide and our resource guide: What to Know Before Participating in a PCI SSC RFC for more information on the PCI SSC RFC process.